NEC Research Labs

"Towards Scalable User-Agnostic Attack Defense"

Security has become one of the major concerns for today's Internet. End users, however, are slow in adopting new security technologies. Many users cannot do good security management by themselves. On the other hand, IT managers desire efficient and scalable protection mechanisms.

Towards solving these issues, in this talk I would like to introduce two of my efforts at Northwestern University. First, I will present the design of NetShield, a new vulnerability-signature-based NIDS/NIPS, which achieves high throughput comparable to that of the state-of-the-art regular-expression-based systems while offering much better accuracy. In particular, I propose a candidate selection algorithm which efficiently matches thousands of vulnerability signatures simultaneously, and design a parsing transition state machine that achieves fast protocol parsing.

Second, I will talk about WebShield, a secure web proxy design that protects clients from web-based exploits by processing potentially malicious JavaScript in a sandboxed environment (shadow browser) on a middlebox. With shadow browsers, WebShield also aims to deploy client-based defenses against various classes of web attacks without client modification.

Short Bio:

Zhichun Li is currently a research staff member at NEC Research Labs. Before joining NEC, he received his Ph.D. in Dec 2009 from Northwestern University, and continued working at the same university as a research associate for half a year. He earned both M.S. and B.S. degrees from Tsinghua University in China. His research interests span the areas of security, networking and distributed systems with an emphasis on network security, web security, smartphone security, cloud security, social network security, network measurement and distributed system diagnosis. He has conducted research at Microsoft Research Redmond and the International Computer Science Institute (ICSI) of UC Berkeley. He has published in top-tier security and networking conferences, such as Oakland, NDSS, SIGCOMM and NSDI.